malwarewikiaorg-20200223-history
Blower
Blower is a ransomware that is a part of the Djvu family. It is similar to other viruses like CryptoID, 888, and Cosanostra. Payload Transmission The malicious payload is usually injected with the help of illegal cracks and keygens, usually downloaded from torrent sites. Infection Blower virus uses AES cipher to lock data and appends .blower extension – the encryption process usually takes only a few seconds, so victims cannot do much to stop it. Databases, documents, pictures, and other data becomes inaccessible, and users are shown a _readme.txt note that explains what happened, and they are asked for a ransom of $490 in bitcoin for the file release. Bad actors also clarify that the amount doubles if the sum is not transferred within 72 hours of the infection. The Blower Ransomware targets the user-generated files, such as those with the following extensions: .jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar. The ransom note placement follows the encryption process when every folder on the machine gets _readme.txt. Blower ransomware ransom message reads the following: ATTENTION! Do not worry my friend, you can return all your files! All your files are encrypted with the unique key. Decrypt tool for you. This software will decrypt all your encrypted files. What guarantees you have? You can send your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get a video of the decrypt tool: https://we.tl/t-1aaC7npeV9 Price is $ 980. Discount 50% available if you contact us first 72 hours, that's price for you is $ 490. Please note that you never restore your data without payment. Check your e-mail address if you don’t get it more than 6 hours. E-mail: blower@india.com Reserve e-mail address to contact us: blower firemail.cc @ Your personal ID: 030GHsgdfT7878YsY9gsafL *** Category:Ransomware Category:Win32 ransomware Category:Win32 Category:Microsoft Windows Category:Trojan Category:Win32 trojan